Becoming a CHECK provider

Created:  26 Oct 2015
Updated:  15 Jan 2018

The NCSC sets high standards for CHECK Service Providers, against which all new applicants are measured. Government departments employing CHECK Service Providers can be assured that they are selecting a highly qualified and suitably experienced team and will receive a high quality service. CHECK companies can be confident that they are part of a professional service which is held in high regard in government and the private sector.

We work hard to build on the good reputation CHECK already has with government departments and the private sector by actively promoting the CHECK Scheme at many high-profile conferences, and through direct contact with a wide range of government departments.

Benefits of CHECK membership

Companies can expect:

  • promotion of the CHECK Service to a wide customer base
  • listing of your company on our web site
  • access to advice and assistance on the application of CHECK Service Guidelines
  • sponsorship and maintenance of security clearances where required

Read more below about applying for CHECK membership and then contact the Enquiries team for an application form.

Applying for CHECK Membership

If you decide to apply please send in your completed application together with the documentation detailed below to the CHECK team. You will be notified of the outcome of your application at the end of the process.

Company background

We require the following details regarding the company applying for CHECK membership:

  • an outline of your Company's penetration testing methodology
  • the number of significant penetration testing engagements undertaken by your Company in the last 12 months, and evidence that the Company has performed penetration tests under the submitted Company name for that period
  • copies of at least two reports of penetration test work conducted by your Company
  • two independent references from companies/organisations for which your Company has conducted penetration test work
  • details of current and proposed Company quality procedures (eg ISO accreditations) and how these will be applied to work undertaken as a CHECK Service Provider
     

Staff resources

When applying for CHECK membership, you will need to identify all employees who will conduct penetration testing under the terms of CHECK.  The following details should be included for each prospective member:

  • Full name
  • Date of birth
  • PAYE Tax Reference Number

For CHECK Team Leaders only:

  • Details of relevant qualifications and relevant penetration testing experience
  • Answers to some specific questions regarding penetration testing experience

We also require that each Team Leader submits 2 redacted reports they have authored and answered to the following three questions, on a separate sheet of paper:

  • In the previous 3 years, how many months have you been employed primarily as a pen tester?
  • In the previous 12 months, how many penetration tests have you personally conducted? If under 10 please state the number of days spent performing penetration tests.
  • How many penetration test reports have you personally written in the last 12 months?

Please note; All members of your CHECK team must be able to hold a valid SC clearance. 

Qualifying examinations for CHECK

At least one member of your team will be required to qualify as a CHECK team Leader before the team will be eligible to work under the CHECK Scheme. We will accept passes from one of the following examinations when approving CHECK Team Leader and Team Member status.

CHECK Team Leader (Infrastructure)

CHECK Team Leader (Web applications)

CHECK Team Member

A pass in any one of these examinations merely demonstrates technical competence and does not replace the other requirements to attain CHECK Team Leader/Member status. Only the NCSC may confer CHECK Team Leader/Member status. The examining organisation, CREST, Cyber Scheme or Tiger Scheme, will pass all relevant information to us.

Selection

A panel of NCSC personnel will review the company submission and the candidates identified for conducting work under CHECK and confirm their suitability. We will also confirm their current security clearance level and initiate clearance procedures where necessary.

Ultimately, the panel will use the material supplied to understand how the company performs a typical engagement, interprets the results and communicates these to the customer. We will work with the company to clarify any issues with the submission or to seek further supporting evidence, as necessary. If the panel is satisfied that the company can perform penetration tests in a way that is suitable for HMG customers, then the applicant company will be approved on a technical basis. If this is not the case then the submission will be refused.

Please note that any applications which are refused cannot be resubmitted within a 12 month period from the date of the refusal by the panel.

The contract

Once we have received your application and can confirm you meet all of our qualifying requirements, we will send a Contract Acceptance Form. This should be signed by an appropriately authorised member of your organisation. Your contract year will begin when we receive the signed Contract Acceptance Form.

Cost

An annual subscription fee, which is reviewed periodically, is charged for CHECK membership.

Further information

If you have any questions about the application process or any other aspect of the CHECK Service, please contact the NCSC Enquiries team.

Was this information helpful?

We need your feedback to improve this content.

Yes No